Blended Threats and JavaScript: a plan for permanent network compromise

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=oeE8XSf4xnA


Duration: 51:42
6 views
0

During Black Hat 2006, it was shown how common Web browser attacks could be leveraged bypass perimeter firewalls and "Hack Intranet Websites from the Outside." In the years since, the fundamental problems were never addressed and the Intranet remains wide open, probably because the attack techniques described had important limitations. These limitations prevented mass scale and persistent compromise of network connected devices, which include but are not limited to home broadband routers. Now in 2012, with the help of new research and next-generation technologies like HTML5, browser-based Intranet attacks have overcome many of the old limitations and improved to a new degree of scary.

This presentation will cover state-of-the-art Web browser blended threats launched with JavaScript, using zero to minimal user interaction and complete every step of the exploit attack cycle. Starting with enumeration and discovery, escalating the attack further upstream and into embedded network devices, and ultimately mass-scale permanent compromise.
Presented By:
Phil Purviance
Joshua Brashars
Black Hat - USA - 2012 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2021-12-31BlackOps
2021-12-31We have you by the Gadgets
2021-12-31Torturing OpenSSL
2021-12-31Probing The Mobile Operating Networks
2021-12-31Find Me in your Database
2021-12-31Digging Deep into the Flash Sandboxes
2021-12-31The Big Picture
2021-12-31SQL Injections
2021-12-31File Disinfection Framework Striking back at the Polymorphic Viruses
2021-12-31Easy Local Windows Kernel Exploitation
2021-12-31Blended Threats and JavaScript: a plan for permanent network compromise
2021-12-31The Info Leak Era Software Exploitation
2021-12-31How many bricks does it take to Crack a Microcell?
2021-12-31Windows 7 Phone Hacking & Exploitation
2021-12-31The Christopher Columbus Rule and DHS
2021-12-31Web Tracking for You
2021-12-31Smashing the Furure for Fun & Profit Presented By:Jeff Moss Bruce Schneier Adam Shostack
2021-12-31Recent Java Exploitation Trends and Malware
2021-12-31Are you my type? : Breaking NET Sandboxes through serialization
2021-12-31Changing the Security Paradigm... Taking back your network and bringing pain to the adversary
2021-12-30There's a party at ring0 Tavis Ormandy, Julien Tinnes


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
password
code
web
concept
thief
protection
network
scam
fraud
malware
secure
identity
criminal
phishing
software
access
safety
theft
system
firewall
communication
business
privacy
binary
account
spy
programmer
hacked
hacking conference
conference
learn
how to
2022
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Phil Purviance
Joshua Brashars